Skip to content

Fix error logging for standalone module#3374

Merged
airween merged 2 commits intoowasp-modsecurity:v2/masterfrom
RedXanadu:fix_standalone_error_logging
May 14, 2025
Merged

Fix error logging for standalone module#3374
airween merged 2 commits intoowasp-modsecurity:v2/masterfrom
RedXanadu:fix_standalone_error_logging

Conversation

@RedXanadu
Copy link

@RedXanadu RedXanadu commented May 9, 2025

what

This PR:

  • Restores the original format string for error logging for ModSecurity when compiled as a standalone module.
  • The format string has the explicit [client %s] back again: this is required for standalone modules as Apache is not present to implicitly log the client source IP address.
  • The fix is achieved by adding conditional compilation directives so that for standalone mode the old error logging format strings are used.

why

It is essential for the client source IP address to be written to the error log. This is required for resolving false positives, monitoring, detecting attacks, and the majority of day to day WAF operations.

This PR fixes the bug introduced in an attempt to tidy error logging for Apache in PR #3192.

references

closes #3373

@RedXanadu RedXanadu mentioned this pull request May 9, 2025
Closed
@RedXanadu
Copy link
Author

RedXanadu commented May 9, 2025

I have tested this on a standalone installation of ModSecurity v2.9.8 and can confirm that it restores client IP address logging as intended.

@airween
Copy link
Member

airween commented May 9, 2025

A reminder to me (or to us 😄) - we should add more tests, eg. which will check standalone build (and test it...?) too.

airween
airween previously approved these changes May 9, 2025
View reviewed changes
@airween
Copy link
Member

airween commented May 13, 2025

Thanks @RedXanadu,

my last request: could you pick up the current state from v2/master and rebase your tree? I've added some new tests. Thanks!

RedXanadu added 2 commits May 14, 2025 11:51
@RedXanadu
Add extra conditional compilation for err logging
652b942 
Restores the original format string for error logging for ModSecurity
when compiled as a standalone module. Specifically, the format string
has "[client %s]" back again: this is required for standalone modules as
Apache is not present to implicitly log the client source IP address.
@RedXanadu
Correct indentation
0c7dadc
@RedXanadu RedXanadu force-pushed the fix_standalone_error_logging branch from b16f088 to 0c7dadc Compare May 14, 2025 10:52
@sonarqubecloud
Copy link

sonarqubecloud bot commented May 14, 2025

Quality Gate Passed Quality Gate passed

Issues
Image 0 New issues
Image 0 Accepted issues

Measures
Image 0 Security Hotspots
Image 0.0% Coverage on New Code
Image 0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@RedXanadu
Copy link
Author

RedXanadu commented May 14, 2025
edited
Loading

@airween Sure: now rebased onto the current v2/master.

@airween
Copy link
Member

airween commented May 14, 2025

@airween Sure: now rebased onto the current v2/master.

Awesome, thank you!

airween
airween approved these changes May 14, 2025
View reviewed changes
Copy link
Member

@airween airween left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@airween airween merged commit 9bc3300 into owasp-modsecurity:v2/master May 14, 2025
82 checks passed
@RedXanadu RedXanadu deleted the fix_standalone_error_logging branch May 14, 2025 17:37
@airween airween mentioned this pull request Jun 23, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@airween airween airween approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@RedXanadu @airween